Top 4 Data Security Predictions 2022
For the past two years — 2020 and 2021 — the entire world worked together to stand its ground during the COVID pandemic and watched it leave behind a transformed world. When it comes to data security, 2021 saw a significant increase from 2020, and there is no reason to believe that 2022 will change that pattern. The supply chain turned out to be the weakest link for a cybersecurity breach, with remote work raising the average cost of a data breach by $137,000. As per McKinsey, only 16% of executives say that their organizations are ready to handle a cyber-attack. Here are Seclore’s security predictions for 2022:
1. Data Protection: A Higher Component of Enterprise Security Budget
The digitization boom has led to a trail of uncontrolled enterprise infrastructure, including servers, data centers, cloud applications, networks, and so on. In 2021, there was a lot of media buzz and CXO awareness about the consequences of data breaches that brought many organizations to their knees. These significant data breaches have raised the boardroom data protection conversations across industries. With security infrastructure consisting of devices, networks, applications, and people going beyond the control of the enterprise, the only option for CISOs will be to focus on data itself.
In 2022, we predict data protection will take a significant pie share of the security budgets because enterprises lose control of their technology infrastructure on-premise apps, cloud, devices, and networks. Data-centric security will become the ONLY solution to many of the security problems of enterprises.
2. Lack of Workforce Will Drive Automation
A dearth of skilled security professionals is not new. In Seclore’s 2018 and 2021 Predictions, we predicted that security resources would become even more scarce. This fact is supported in the fifth annual industry report from the Information Systems Security Association (ISSA) and analyst Enterprise Strategy Group ESG, “The Life and Times of Cybersecurity Professionals 2021.” It demonstrates that the cybersecurity industry is still witnessing workforce shortage from heavy workload (62%), unfilled positions (38%), and worker burnout (38%). Around 95% believe the gap has not reduced in the last five years. In 2022, the gap will only increase, and enterprises will be able only to afford initiatives requiring little or no security expertise.
The dearth of talent arising from “The Great Resignation” will accentuate the need for automation. Security solutions that can intelligently automate security will prevail as the resource crunch makes manual tasks unviable and human errors expensive. The standard Security Operations Center (SOC) role in acting as a centralized record system for the security organization will change.
In 2022, we predict that only those security initiatives with little to no dependence on end-users and security teams will succeed. Automation will become the key to success.
3. Multi-Cloud Enterprises Will Embrace Single Source of Truth for Data Security
The pandemic in 2020 and 2021 has led to an emergency work-from-home situation, spurring the need for an emergency migration to cloud infrastructure. This put a wrench in the organizations’ security protocols. Most organizations were not equipped for large-scale migration with appropriate security protocols. This has not gone unnoticed by cyberattackers. Enterprise data moves across multiple clouds, and implementing one uniform data security policy is nearly impossible in the heterogeneous environment.
Cloud Service Providers (CSPs) have been focused on securing their own infrastructure and data security within it. None of the large CSPs focus on actual data-centric security within and outside their infrastructure. What’s required is a way to protect data across its entire lifecycle — while data-at-rest, in motion, and in use as it moves across CSPs. Among other things, this increases the compliance burden of the enterprises.
In 2022, we predict that multi-cloud enterprises will get hyper-focused on deploying data security that spans the different CSPs. This single source of truth for data security policy will become the driver for more open multi-cloud adoption
4. Regulations and Fines Will Drive Data-Centricity
Compliance seems to make a list every year, no doubt. Every 3 letter combination appears to be a privacy compliance regulation in some parts of the world, with “D” in GDPR, PDPA, DPB, … standing for “Data.” Privacy regulations have gone from process-and-control-centric (the means) to data-centric (the end). The growth of data privacy regulations will directly impact the increase in the penalties collected from each violation. The recent data explosion means more data at every individual’s disposal, resulting in a higher risk of data breaches and exposure in multiple jurisdictions.
2022 will be the year for CISOs to clean up these messes and focus on designing effective and innovative strategies to provide holistic data security. Organizations will consider security tools to provide a unified cybersecurity platform and focus on protecting the data. Security adoption and effectiveness depend on how well various security tools integrate and work in sync to reduce risk. Security vendors that offer a platform or allow seamless integration between best-of-breed, data centric security and enterprise applications will be required.
2022 will be a busy year for data security professionals. Heavy migration to cloud infrastructure on an organizational level during the Covid-19 pandemic left security as an afterthought, and 2022 will be the year of the cleanup. Meeting often conflicting security, privacy, and collaboration goals will force technology professionals to drive fundamental rethinking of “what really drives security.”